OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Vuln-Dev Archives: Napster a little insecure?

Napster a little insecure?


Subject: Napster a little insecure?
From: Dennis Miller (dmillerI-MIND.COM)
Date: Thu Jan 27 2000 - 19:58:57 CST


I'm running Napster v2.0 Build 1318 which is a freeware utility to share
MP3's across
the internet located at http://www.napster.com <http://www.napster.com> .
Notice Napster sends the complete location of the file(s) being sent. Does
this mean that there is a way to coax the client to offer up ANY file?

RECEIVED (on different query)
    81 00 C9 00
    "c:\WINDOWS\DESKTOP\mp3s\Nirvana-Lithium.mp3"
        (32-byte checksum)
        (size in bytes)
        (bitrate in kbps)
        (freq)
        (duration in seconds)
        (username)
        (magic cookie - "643813570")
        (line speed)
    92 00 C9 00
    "G:\Program Files\napster\Music\NIRVANA - Smells Like
                Teen Spirit.mp3"
        (32-byte checksum)
        ...
    00 00 CA 00 00 00

Dennis Miller
dmilleriMind.com



This archive was generated by hypermail 2b27 : Fri Jan 28 2000 - 01:14:04 CST